Updating your WordPress site

Always keep your WordPress core and plugins updated. Updates bring essential fixes to your WordPress installation and help close vulnerabilities that hackers use to compromise your website.

Harden WordPress

Remove WordPress version

Check whether your WordPress version is hidden from the generator tag.

By default WordPress leaves its footprints on your site for the sake of tracking. That is how we know that WordPress is the world's largest blogging platform. However, this also tells hackers which vulnerabilities may be present in your WordPress core. If you are not running the most current WordPress core version, hackers can quickly narrow down the known vulnerabilities of the version you run. If you are running the most up-to-date version of WordPress core, you can ignore this tutorial completely, which is why we recommend that you have your WordPress site updated automatically.

There are many ways to get rid of the WordPress version number from your header. However, take note below that there is only one correct way to do this.

Some sites will recommend that you open your header.php file and get rid of this code:

This is only one part of the solution. A clever hacker who is well acquainted with WordPress will just go to your RSS feeds and see the version there, because neither fix above removes the generator code from the RSS feeds.

To completely remove your WordPress version number from both your header and your RSS feeds, you will need to add the following function to your functions.php file:

By adding this function, you will remove the WordPress version number from all the different areas of your site. The above is the right way to remove the WordPress version number.
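
To verify the result, the following Python check scans saved copies of the home page and the feed for the generator markers WordPress emits by default. It is an added example, not code from the original page. The sample documents and the version 1.2.3 are constructed.

```python
"""Scan saved copies of a page and its feed for WordPress generator version leaks."""
import re

# Generator markers WordPress emits by default in HTML, RSS 2.0 and Atom output.
PATTERNS = {
    "html meta generator": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s+([\d.]+)', re.I),
    "rss generator": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>', re.I),
    "atom generator": re.compile(
        r'<generator[^>]+version=["\']([\d.]+)["\'][^>]*>\s*WordPress', re.I),
}


def find_version_leaks(document: str) -> list:
    """Return (marker, version) pairs for every generator leak found in the text."""
    leaks = []
    for marker, pattern in PATTERNS.items():
        for match in pattern.finditer(document):
            leaks.append((marker, match.group(1)))
    return leaks


def audit(pages: dict) -> dict:
    """Map each saved page name to its leaks; an empty list means the version is hidden."""
    return {name: find_version_leaks(body) for name, body in pages.items()}


# Constructed samples (1.2.3 is a placeholder version). Editing header.php alone
# cleans the home page but leaves the feed's generator element in place.
HOME_DEFAULT = '<html><head><meta name="generator" content="WordPress 1.2.3" /></head></html>'
HOME_FIXED = '<html><head><title>Blog</title></head><body>Hello</body></html>'
FEED_DEFAULT = ('<rss version="2.0"><channel><title>Blog</title>'
                '<generator>https://wordpress.org/?v=1.2.3</generator></channel></rss>')
FEED_FIXED = '<rss version="2.0"><channel><title>Blog</title></channel></rss>'

if __name__ == "__main__":
    partial = audit({"home": HOME_FIXED, "feed": FEED_DEFAULT})
    complete = audit({"home": HOME_FIXED, "feed": FEED_FIXED})
    for label, result in (("header.php only", partial), ("functions.php fix", complete)):
        for name, leaks in result.items():
            print(f"{label:18} {name:5} {'LEAK ' + str(leaks) if leaks else 'clean'}")
```

Run it against copies of your own home page and feed saved before and after the change; any non-empty result means the version is still exposed.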

Note: We still recommend that you update to the latest version of WordPress because that is the only guaranteed way to keep your blog protected.

As said in the beginning, we recommend that you keep your WordPress version up to date as a safer solution. You can also remove your WordPress version with a firewall called SUCURI, available in the plugins section of your WordPress dashboard or on wordpress.org; learn more at sucuri.net.

Protect uploads directory

There is a great tutorial on how to protect your uploads directory at:

WP-Content/Uploads

Leaving the uploads directory accessible to the public can be a tragic mistake. However, the uploads directory is the one directory that will almost always need to be writable by the web server. To prevent PHP execution in this directory, place an .htaccess file at the root of /UPLOADS using:

You may find that hackers, unauthorized programs or third parties are accessing your sessions.
If you have any doubt, you can change your security keys. Reference: wordpress.org
You may also use SUCURI; learn more at sucuri.net

Other precautions

For other precautions, you may want to check some of the following options.

2FA = Two-factor authentication: a security solution that requires a random code generated on your phone to allow access to your site. It combines your username/password with the random code. Without the random code, a user cannot log in with their password alone.

There are a lot of options for this; check wordpress.org for the best solution for you.